On 11 June 2016 18:31:25 CEST, Alan Somers <asomers_at_freebsd.org> wrote:
> On Sat, Jun 11, 2016 at 5:32 AM, Domagoj Stolfa
> <domagoj.stolfa_at_gmail.com> wrote:
> > Yes, it would maybe make sense to do so. I am not too familiar with
> > capsicum(4), but glancing over it, it might be possible. If anything, it
> > would allow for code reuse from the OpenBSD ports and increased portability
> > in the future. Maybe the people who have worked with capsicum(4) or have
> > developed it could give some more insight on this.
> >
>
> I don't see how it would be possible. Capsicum is all about file
> descriptors. When you call cap_enter(), you give up the ability to
> access global namespaces. For example, you can no longer open files
> (except using openat(2) for files in a subdirectory of a directory
> which is already opened). OTOH, pledge is all about syscalls. When
> you pledge, you give up the ability to use certain syscalls,
> regardless of what file descriptors they might involve. So for
> example, a program that uses pledge(2) to prohibit networking syscalls
> can't simply replace pledge(2) with cap_enter(2), because it may need
> to open files after pledging.
>
> -Alan

Thanks for the clarification, Alan. So pledge(2) would, if implemented in FreeBSD, complement capsicum. They would only overlap around file descriptors, where capsicum could enforce a process's pledge, like to only ever write to one file, which is its logfile.

Florian

Received on Mon Jun 13 2016 - 05:44:16 UTC
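The logfile case Florian raises, done the way Alan describes Capsicum working, as an added C example that is not part of this thread and not FreeBSD's own code: the logger opens its log directory before cap_enter(), and afterwards can reach the logfile only through openat(2) on that descriptor, while open(2) on any absolute path is refused. The cap_enter(2), cap_rights_init(3) and cap_rights_limit(2) calls are FreeBSD's (sys/capsicum.h) and are compiled only under __FreeBSD__; on other systems sandbox_enter() is assumed to be a no-op so the openat-relative pattern can still be exercised. The directory and file names ("app.log", the default ".") are constructed for the example.

```c
/* Added example, not code from this thread or from FreeBSD: a logger that
 * pre-opens its log directory, then enters capability mode and addresses the
 * logfile only via openat(2). cap_* calls are FreeBSD-only (#ifdef). */
#define _DEFAULT_SOURCE 1
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>
#ifdef __FreeBSD__
#include <sys/capsicum.h>
#endif

/* Step 1: open the log directory while global namespaces are still reachable. */
int open_log_dir(const char *path)
{
    return open(path, O_RDONLY | O_DIRECTORY);
}

/* Step 2: shrink dirfd to the rights a logger needs, then enter capability
 * mode. After this, open(2) on any path fails with ECAPMODE; only openat(2)
 * relative to already-held descriptors still works. Returns 0 on success. */
int sandbox_enter(int dirfd)
{
#ifdef __FreeBSD__
    cap_rights_t rights;
    cap_rights_init(&rights, CAP_LOOKUP, CAP_CREATE, CAP_READ, CAP_WRITE,
                    CAP_SEEK, CAP_FSTAT);
    if (cap_rights_limit(dirfd, &rights) < 0)
        return -1;
    return cap_enter();
#else
    (void)dirfd;          /* no Capsicum on this host: run unsandboxed (assumption) */
    return 0;
#endif
}

/* Step 3: append one line to the logfile, addressed relative to dirfd.
 * Returns the number of bytes written including the newline, or -1. */
ssize_t append_log(int dirfd, const char *name, const char *line)
{
    int fd = openat(dirfd, name, O_WRONLY | O_CREAT | O_APPEND, 0644);
    if (fd < 0) return -1;
    size_t len = strlen(line);
    ssize_t n = write(fd, line, len);
    if (n == (ssize_t)len && write(fd, "\n", 1) == 1)
        n += 1;
    else
        n = -1;
    close(fd);
    return n;
}

/* Read the logfile back through the same descriptor (verification helper). */
ssize_t read_log(int dirfd, const char *name, char *buf, size_t cap)
{
    int fd = openat(dirfd, name, O_RDONLY);
    if (fd < 0) return -1;
    size_t total = 0;
    ssize_t n;
    while (total < cap - 1 &&
           (n = read(fd, buf + total, cap - 1 - total)) > 0)
        total += (size_t)n;
    buf[total] = '\0';
    close(fd);
    return (ssize_t)total;
}

/* Probe whether the sandbox is effective: 1 if an absolute-path open is
 * refused with ECAPMODE, 0 if it is still allowed, -1 on any other error. */
int global_open_denied(void)
{
    int fd = open("/dev/null", O_RDONLY);
    if (fd >= 0) { close(fd); return 0; }
#ifdef ECAPMODE
    return errno == ECAPMODE ? 1 : -1;
#else
    return -1;
#endif
}

int main(int argc, char **argv)
{
    const char *dir = argc > 1 ? argv[1] : ".";   /* constructed default */
    int dirfd = open_log_dir(dir);
    if (dirfd < 0 || sandbox_enter(dirfd) < 0) {
        perror("setup");
        return 1;
    }
    ssize_t n = append_log(dirfd, "app.log", "sandboxed logger started");
    printf("wrote %zd bytes; global open denied: %d\n", n, global_open_denied());
    return n < 0;
}
```

On FreeBSD the probe prints 1 after cap_enter(), which is the point of the thread: the descriptor opened in step 1 is the only route left to the filesystem, so a compromised logger can append to app.log but cannot open anything else. Note that this is ordering-sensitive: anything the program will need later (config, sockets, the log directory) has to be opened before step 2.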
This archive was generated by hypermail 2.4.0 : Wed May 19 2021 - 11:41:05 UTC